redline

Resubmissions

17-09-2023 21:42

230917-1kqywsfc99 10

09-09-2023 02:55

06-09-2023 17:13

13-08-2023 17:31

27-06-2023 12:47

13-06-2023 16:07

Sharing

Copy URL

Twitter E-mail

General

Target

a.zip
Size

832B
Sample

230813-v3xlhafe8v
MD5

10e578867faad166dc6a8f3868cef2f4
SHA1

f541fab60d482834e90638c5aebdefe3d997174e
SHA256

6fe03f61ee89f37688356f14ee8dc2d0c001e0d43281fad29386270a9c71c92c
SHA512

38389b61e71eed9a9587900f60d59c145d070d0e02602f473c284befcd4898b1191f1982e71463c9cbe17ea36f4ec6c17d665f072e730981eae00fd805863114

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

5.1

Botnet

6ba937c4f557f3e5e256c94548f72a29

https://t.me/tatlimark

https://steamcommunity.com/profiles/76561199536605936

Attributes

profile_id_v2
6ba937c4f557f3e5e256c94548f72a29

Extracted

Family

remcos

Botnet

RemoteHost

192.210.255.48:2404

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-55NWGD
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Extracted

Family

redline

Botnet

LogsDiller Cloud (Telegram: @logsdillabot)

51.83.170.21:19447

Attributes

auth_value
c2955ed3813a798683a185a82e949f88

Targets

- Target
  
  a.zip
- Size
  
  832B
- MD5
  
  10e578867faad166dc6a8f3868cef2f4
- SHA1
  
  f541fab60d482834e90638c5aebdefe3d997174e
- SHA256
  
  6fe03f61ee89f37688356f14ee8dc2d0c001e0d43281fad29386270a9c71c92c
- SHA512
  
  38389b61e71eed9a9587900f60d59c145d070d0e02602f473c284befcd4898b1191f1982e71463c9cbe17ea36f4ec6c17d665f072e730981eae00fd805863114
Score

10^/10

redline remcos vidar 6ba937c4f557f3e5e256c94548f72a29 logsdiller cloud (telegram: @logsdillabot)remotehost infostealer rat stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

Score

1^/10

behavioral1

redlineremcosvidar6ba937c4f557f3e5e256c94548f72a29logsdiller cloud (telegram: @logsdillabot)remotehostinfostealerratstealer

Score

10^/10

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

RedLine payload

Remcos

Vidar

NirSoft MailPassView

NirSoft WebBrowserPassView

Nirsoft

Downloads MZ/PE file

Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1